authorsjg <sjg@FreeBSD.org>2014-08-19 06:50:54 +0000
committersjg <sjg@FreeBSD.org>2014-08-19 06:50:54 +0000
commitd7cd1d425cc1ea9451fa235e3af9b6625c3e0de2 (patch)
treeb04f4bd7cd887f50e7d98af35f46b9834ff86c80 /lib/libpam/modules
parent3c8e37b1d04827f33c0c9a7594bd1b1ef7cdb3d3 (diff)
parent4fbde208c6460d576f64d6dc3cdc6cab085a4283 (diff)
Merge head from 7/28
Diffstat (limited to 'lib/libpam/modules')
-rw-r--r--lib/libpam/modules/pam_group/pam_group.87
-rw-r--r--lib/libpam/modules/pam_group/pam_group.c33
-rw-r--r--lib/libpam/modules/pam_lastlog/pam_lastlog.c4
-rw-r--r--lib/libpam/modules/pam_passwdqc/pam_passwdqc.83
-rw-r--r--lib/libpam/modules/pam_radius/pam_radius.84
-rw-r--r--lib/libpam/modules/pam_ssh/pam_ssh.84
-rw-r--r--lib/libpam/modules/pam_tacplus/pam_tacplus.86
7 files changed, 38 insertions, 23 deletions
diff --git a/lib/libpam/modules/pam_group/pam_group.8 b/lib/libpam/modules/pam_group/pam_group.8
index 985094b..4f368e5 100644
--- a/lib/libpam/modules/pam_group/pam_group.8
+++ b/lib/libpam/modules/pam_group/pam_group.8
@@ -33,7 +33,7 @@
.\"
.\" $FreeBSD$
.\"
-.Dd March 9, 2011
+.Dd July 19, 2014
.Dt PAM_GROUP 8
.Os
.Sh NAME
@@ -48,6 +48,11 @@
.Sh DESCRIPTION
The group service module for PAM accepts or rejects users based on
their membership in a particular file group.
+.Nm pam_group
+provides functionality for two PAM categories: authentication and
+account management.
+In terms of the module-type parameter, they are the ``auth'' and
+``account'' features.
.Pp
The following options may be passed to the
.Nm
diff --git a/lib/libpam/modules/pam_group/pam_group.c b/lib/libpam/modules/pam_group/pam_group.c
index a6e32cd..6cf2774 100644
--- a/lib/libpam/modules/pam_group/pam_group.c
+++ b/lib/libpam/modules/pam_group/pam_group.c
@@ -47,15 +47,14 @@ __FBSDID("$FreeBSD$");
#include <unistd.h>
#define PAM_SM_AUTH
+#define PAM_SM_ACCOUNT
#include <security/pam_appl.h>
#include <security/pam_modules.h>
#include <security/openpam.h>
-
-PAM_EXTERN int
-pam_sm_authenticate(pam_handle_t *pamh, int flags __unused,
- int argc __unused, const char *argv[] __unused)
+static int
+pam_group(pam_handle_t *pamh)
{
int local, remote;
const char *group, *user;
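Review bot: The new static `pam_group()` has no header comment, although later hunks make it the single decision point for two PAM service functions. A short comment above it would help, for example `/* Group membership test shared by pam_sm_authenticate() and pam_sm_acct_mgmt(); returns a PAM result code. */`. The helper no longer receives `flags`, `argc` or `argv`, so it presumably reads its options through `pamh`; that is worth stating in the same comment. The function body continues outside this hunk.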
@@ -96,14 +95,12 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags __unused,
if ((grp = getgrnam(group)) == NULL || grp->gr_mem == NULL)
goto failed;
- /* check if the group is empty */
- if (*grp->gr_mem == NULL)
- goto failed;
-
- /* check membership */
+ /* check if user's own primary group */
if (pwd->pw_gid == grp->gr_gid)
goto found;
- for (list = grp->gr_mem; *list != NULL; ++list)
+
+ /* iterate over members */
+ for (list = grp->gr_mem; list != NULL && *list != NULL; ++list)
if (strcmp(*list, pwd->pw_name) == 0)
goto found;
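Review bot: The `list != NULL` guard added to the member loop can never be false, because the unchanged test at the top of the hunk still jumps to `failed` when `grp->gr_mem == NULL`. That early exit also runs before the new primary-group test, so a user whose `pw_gid` matches is now accepted for a group with an empty member list but still rejected for one with a NULL list. If both cases should behave the same, reduce the earlier test to `if ((grp = getgrnam(group)) == NULL)` and keep the loop guard; otherwise drop the guard. The `found` and `failed` labels and the rest of the function are outside this hunk, so the effect under any deny-style option should be checked there.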
@@ -123,6 +120,14 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags __unused,
}
PAM_EXTERN int
+pam_sm_authenticate(pam_handle_t *pamh, int flags __unused,
+ int argc __unused, const char *argv[] __unused)
+{
+
+ return (pam_group(pamh));
+}
+
+PAM_EXTERN int
pam_sm_setcred(pam_handle_t * pamh __unused, int flags __unused,
int argc __unused, const char *argv[] __unused)
{
@@ -130,4 +135,12 @@ pam_sm_setcred(pam_handle_t * pamh __unused, int flags __unused,
return (PAM_SUCCESS);
}
+PAM_EXTERN int
+pam_sm_acct_mgmt(pam_handle_t *pamh, int flags __unused,
+ int argc __unused, const char *argv[] __unused)
+{
+
+ return (pam_group(pamh));
+}
+
PAM_MODULE_ENTRY("pam_group");
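Review bot: `pam_sm_acct_mgmt()` returns the result of `pam_group()` unchanged, so the account phase inherits result codes that were chosen for authentication. The failure paths are outside this hunk; if they return `PAM_AUTH_ERR`, consider translating that to `PAM_PERM_DENIED` here, since applications and stacked policy lines may treat the two differently during account management. A comment above the function such as `/* account management: same group policy as auth */` would make the shared decision explicit for whoever edits one path later.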
diff --git a/lib/libpam/modules/pam_lastlog/pam_lastlog.c b/lib/libpam/modules/pam_lastlog/pam_lastlog.c
index 72bb942..814edb8 100644
--- a/lib/libpam/modules/pam_lastlog/pam_lastlog.c
+++ b/lib/libpam/modules/pam_lastlog/pam_lastlog.c
@@ -49,7 +49,6 @@ __FBSDID("$FreeBSD$");
#include <sys/time.h>
#include <paths.h>
-#include <pwd.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>
@@ -68,7 +67,6 @@ PAM_EXTERN int
pam_sm_open_session(pam_handle_t *pamh, int flags,
int argc __unused, const char *argv[] __unused)
{
- struct passwd *pwd;
struct utmpx *utx, utl;
time_t t;
const char *user;
@@ -79,7 +77,7 @@ pam_sm_open_session(pam_handle_t *pamh, int flags,
pam_err = pam_get_user(pamh, &user, NULL);
if (pam_err != PAM_SUCCESS)
return (pam_err);
- if (user == NULL || (pwd = getpwnam(user)) == NULL)
+ if (user == NULL)
return (PAM_SERVICE_ERR);
PAM_LOG("Got user: %s", user);
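Review bot: Dropping the `getpwnam(user)` test means `pam_sm_open_session()` no longer confirms that the name returned by `pam_get_user()` resolves to an account before continuing. The rest of the function is outside this hunk, but it declares `struct utmpx` variables and so presumably records `user` in the login accounting data, where an unresolved name would now be written rather than rejected with `PAM_SERVICE_ERR`. If the removal is intentional, a comment at the check such as `/* existence of the account is established by earlier phases; not re-checked here */` would record that assumption.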
diff --git a/lib/libpam/modules/pam_passwdqc/pam_passwdqc.8 b/lib/libpam/modules/pam_passwdqc/pam_passwdqc.8
index 408f77d..abdd390 100644
--- a/lib/libpam/modules/pam_passwdqc/pam_passwdqc.8
+++ b/lib/libpam/modules/pam_passwdqc/pam_passwdqc.8
@@ -123,7 +123,6 @@ password are not counted.
In addition to being sufficiently long, passwords are required to
contain enough different characters for the character classes and
the minimum length they have been checked against.
-.Pp
.It Cm max Ns = Ns Ar N
.Pq Cm max Ns = Ns 40
The maximum allowed password length.
@@ -257,7 +256,7 @@ is that the former is incompatible with
The
.Nm
module was written by
-.An Solar Designer Aq solar@openwall.com .
+.An Solar Designer Aq Mt solar@openwall.com .
This manual page, derived from the author's documentation, was written
for the
.Fx
diff --git a/lib/libpam/modules/pam_radius/pam_radius.8 b/lib/libpam/modules/pam_radius/pam_radius.8
index da36b7f..d71b414 100644
--- a/lib/libpam/modules/pam_radius/pam_radius.8
+++ b/lib/libpam/modules/pam_radius/pam_radius.8
@@ -126,9 +126,9 @@ manual page first appeared in
The
.Nm
manual page was written by
-.An Andrzej Bialecki Aq abial@FreeBSD.org .
+.An Andrzej Bialecki Aq Mt abial@FreeBSD.org .
.Pp
The
.Nm
module was written by
-.An John D. Polstra Aq jdp@FreeBSD.org .
+.An John D. Polstra Aq Mt jdp@FreeBSD.org .
diff --git a/lib/libpam/modules/pam_ssh/pam_ssh.8 b/lib/libpam/modules/pam_ssh/pam_ssh.8
index ea41455..7c1ee40 100644
--- a/lib/libpam/modules/pam_ssh/pam_ssh.8
+++ b/lib/libpam/modules/pam_ssh/pam_ssh.8
@@ -147,7 +147,7 @@ The
.Nm
module was originally written by
.An -nosplit
-.An "Andrew J. Korty" Aq ajk@iu.edu .
+.An Andrew J. Korty Aq Mt ajk@iu.edu .
The current implementation was developed for the
.Fx
Project by
@@ -156,4 +156,4 @@ Associates, Inc.\& under DARPA/SPAWAR contract N66001-01-C-8035
.Pq Dq CBOSS ,
as part of the DARPA CHATS research program.
This manual page was written by
-.An "Mark R V Murray" Aq markm@FreeBSD.org .
+.An Mark R V Murray Aq Mt markm@FreeBSD.org .
diff --git a/lib/libpam/modules/pam_tacplus/pam_tacplus.8 b/lib/libpam/modules/pam_tacplus/pam_tacplus.8
index a1fe9ba..ee8cc78 100644
--- a/lib/libpam/modules/pam_tacplus/pam_tacplus.8
+++ b/lib/libpam/modules/pam_tacplus/pam_tacplus.8
@@ -116,11 +116,11 @@ module first appeared in
The
.Nm
manual page was written by
-.An Andrzej Bialecki Aq abial@FreeBSD.org
+.An Andrzej Bialecki Aq Mt abial@FreeBSD.org
and adapted to TACACS+ from RADIUS by
-.An Mark R V Murray Aq markm@FreeBSD.org .
+.An Mark R V Murray Aq Mt markm@FreeBSD.org .
.Pp
The
.Nm
module was written by
-.An John D. Polstra Aq jdp@FreeBSD.org .
+.An John D. Polstra Aq Mt jdp@FreeBSD.org .